Install and Configure Windows 2003 DHCP


  • 8/6/2019 Install and Configure Windows 2003 DHCP


    The following tutorials run consecutively:

    Install DHCP Components

    Configure the First Scope

    Create DHCP Reservation

    DHCP Server Options

    The DHCP Process

    Troubleshooting DHCP

    DHCP Subnetting

    DHCP Supernetting

    Install DHCP Components

    Open the Windows Components section of Add/Remove programs:

    Open Network Services


    Ensure that the DHCP checkbox is ticked and press OK

    Wait


    Press Finish

    Using the 80/20 Rule for Servers and Scopes

    To provide fault tolerance for the DHCP service within a given subnet, you can configure two DHCP servers to assign addresses on the same subnet. If one server fails, the other can take over. To balance DHCP server use in this case, a good practice is to use the 80/20 rule to divide the scope addresses between the two DHCP servers. Server 1 is configured to assign 80% of the total addresses and server 2 is assigned the other 20%. Both servers have the same IP range but exclude each other's portion of that range.

    Configure the First Scope


    Open the DHCP Management Console from Administrative Tools

    The console is shown with nothing configured. You should create a scope before you authorize the server.


    Select New Scope

    Press Next


    Give the scope a relevant name, perhaps an indication of the location or purpose of the scope.


    The IP address range is important: don't use too many addresses in one scope when those extra addresses can be used somewhere else. If you only need one scope and you have less than 254 computers and network components, use the 192.168.x.y range with a Length of 24. With this configuration every separate subnet will increment the value of x. Example: 192.168.0.254 is the last IP address of the first subnet and 192.168.1.1 is the first IP address of the next subnet.

    Once the IP range has been configured press Next

    Here you can decide which IP addresses within the scope are not to be used for DHCP clients. The common standard as I know it is to use the first IP address for the Router or Default Gateway of the subnet. The next 10 or 20 IP addresses are to be used for any servers that you have on the subnet. Although not strictly necessary, Domain Controllers, DNS servers, etc. should use static IP addresses, and hence these addresses should be excluded or not included within the DHCP scope.


    The lease duration is the length of time that a computer can use the IP address that it was assigned from the DHCP server. Unless you have a specific reason to change it, just leave it as it is.


    Select Yes and press next.

    Add the IP address of the subnet's router (Default Gateway). Don't use more than one.


    Add the IP addresses of the DNS servers to be used by the DHCP clients. DNS servers do not have to be on the same subnet; the clients will attempt to contact the servers in the order that they appear in this list. If you have a DNS server on the local subnet then put that at the top.

    WINS servers are much the same as DNS servers but are used for pre-Windows 2000 name resolution. Do not configure them if you have no Windows 9x/ME clients.


    Unless you have a reason not to, select Yes and press Next.

    Press Finish


    The scope is shown and further configuration is possible from this window

    Only Domain Controllers and Domain member servers can be authorized in Active Directory. Stand-alone DHCP servers or workgroup DHCP servers running Windows 2000 or 2003 cannot be authorized in Active Directory but can coexist on the network as long as they are not deployed on the same subnet as an authorized DHCP server.


    All working now.

    Create DHCP Reservation

    A DHCP Reservation is an IP address that is specifically designated to a particular Hardware (MAC) address. This IP address will not be leased to any other network component. Although the network component will always receive the same IP address, it will still be treated as a DHCP client, and if the DHCP service is lost it will lose its address after the lease expires. A reservation is most commonly used for Network Printers.

    Select New Reservation


    The Reservation name should reflect the purpose of the lease or the location of the network component. The IP address must exist within the scope range. The MAC address is the 12 digit Hexadecimal Hardware address that, if you're lucky, is usually written on the side of a printer. MAC addresses are unique. Description does not affect the operation of the reservation so write anything you like. BOOTP is a previous version of an Automatic Client Addressing System and is not necessary if all network components are DHCP compliant.

    Further Reservation options that are independent of the scope options can be configured here. Reservation complete.

    DHCP Server Options


    Unless you have a reason to, don't change anything.


    Set options as above.


    Again, unless you have a reason to, don't change anything.

    All Done.

    The DHCP Process

    Initial Lease Process

    1 The Client broadcasts a DHCP discover message to the local subnet.

    2 The DHCP server responds with a DHCP Offer message.

    3 If no response comes from a server the client can do one of two things:

    If the client is running Windows 2000, it configures itself with an APIPA address (196.254.x.x)

    If the client is XP or 2003, the client configures itself with an alternate address (if configured) or an APIPA address

    If the client is running an OS before 2000 and auto-configuration is disabled, the initialization fails. If left running, the client will repeat the DHCP Discover message 4 times every 5 mins until it contacts a DHCP server.


    4 As soon as a DHCP Offer message is received, the client selects the offered address by replying to the server with a DHCP Request message. Typically, the offering server sends a DHCP Acknowledgement (DHCP ACK) message approving the lease. (DHCP options are included in the acknowledgement.)

    5 Once the client receives the acknowledgement, it configures its TCP/IP properties using the info in the reply and joins the network.

    DHCP Process

    DHCP Discover (DHCP Client -> DHCP Server)


    The destination address is shown as 255.255.255.255, which is the broadcast address. The source address is 0.0.0.0. The DHCP section identifies the packet as a Discover message. The client is identified by its MAC address.

    DHCP Offer

    The source address is now the server IP address and the destination is the broadcast address. The packet is identified as an offer. The Your IP Address (Yiaddr) field contains the IP address that is being offered to the client. The DHCP Option field contains the various options being sent by the server. Options include the subnet mask, default gateway, lease time, WINS server address and NetBIOS info.

    DHCP Request

    The source IP of the client is still 0.0.0.0 and the destination for the packet is still 255.255.255.255. The client retains 0.0.0.0 because it hasn't received approval from the server to start using the IP address that was given in the offer. The destination is still broadcast because more than one DHCP server may have responded. Broadcasting one particular requested address lets those other DHCP servers know that they can release their offered addresses and return them to their available pools. If the client has previously had a DHCP assigned IP address and the client is restarted, the client specifically requests this previously leased IP address in the DHCP Request field of the packet. If the server determines that the client can still use the address, it either remains silent or sends a DHCP ACK message. If the server determines that the client cannot have the address, it sends a NACK.

    DHCP ACK

    This message contains the IP address for the client to use as its lease. The source address of the ACK message is the server address; the destination address is still 255.255.255.255. The packet is identified as an ACK. The Your IP Address (Yiaddr) field contains the client's address and the Client Ethernet Address (Chaddr) field contains the MAC address of the client's network card.

    DHCP NACK

    A DHCP NACK message is most often used when the client computer has been moved to a new location. However, the message can also indicate that the client's lease with the server has expired. All address fields are 0.0.0.0. After receiving the NACK, the client starts the DHCP Discover process again. The client attempts to lease the same address it had previously.

    Troubleshooting DHCP

    Address Conflicts

    If a client has been assigned an address that is already in use, a warning will appear in the system tray. The system log will also show address conflict info.

    This conflict can be a sign of a DHCP scope error or a rogue DHCP server. The Windows Support Tools include dhcploc.exe, which can be used to locate rogue DHCP servers. The Conflict Detection option from the DHCP server properties can be used to detect scope conflicts.
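    Added example, not part of the original tutorial: Python that decodes the Yiaddr, Giaddr and Chaddr fields described under The DHCP Process and flags Offer/ACK replies whose server identifier is not on an allow-list, which is the check a rogue-server hunt comes down to. The packets, addresses and allow-list are constructed sample data; option codes 53 (message type) and 54 (server identifier) are the standard DHCP option numbers.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload):
    """Decode the address fields and options of one DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)                       # hardware address length
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end of options
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    msg_type = options.get(53) or b"\x00"
    server_id = options.get(54)
    return {
        "type": TYPES.get(msg_type[0], "UNKNOWN"),
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "giaddr": str(ipaddress.IPv4Address(payload[24:28])),
        "chaddr": payload[28:28 + hlen].hex(":"),
        "server_id": str(ipaddress.IPv4Address(server_id))
        if server_id and len(server_id) == 4 else None,
    }


def unauthorized_replies(packets, authorized_servers):
    """Return (server, offered address, client MAC) for replies from unknown servers."""
    findings = []
    for raw in packets:
        msg = parse_dhcp(raw)
        if msg["type"] in ("OFFER", "ACK") and msg["server_id"] not in authorized_servers:
            findings.append((msg["server_id"], msg["yiaddr"], msg["chaddr"]))
    return findings


def build_reply(msg_type, yiaddr, server_id, mac):
    """Construct a sample server reply for the demo (not captured traffic)."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x12345678, 0, 0x8000)
    addrs = b"".join(ipaddress.IPv4Address(a).packed
                     for a in ("0.0.0.0", yiaddr, "0.0.0.0", "0.0.0.0"))
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_id).packed + b"\xff"
    return header + addrs + chaddr + bytes(192) + MAGIC_COOKIE + opts


# Constructed sample: the authorized server is 192.168.0.2; 192.168.0.77 is not.
AUTHORIZED = {"192.168.0.2"}
SAMPLE_PACKETS = [
    build_reply(2, "192.168.0.50", "192.168.0.2", "00:11:22:33:44:55"),
    build_reply(2, "192.168.0.90", "192.168.0.77", "00:11:22:33:44:55"),
    build_reply(5, "192.168.0.50", "192.168.0.2", "00:11:22:33:44:55"),
]

if __name__ == "__main__":
    for finding in unauthorized_replies(SAMPLE_PACKETS, AUTHORIZED):
        print("unauthorized DHCP server:", finding)
```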

    The shutdown /I command can be used to shut down remote computers.

    Using the Repair Button

    Clicking the Repair button on the Support Tab of the Status dialog box performs the following actions:


    1 Broadcasts a DHCP request message to renew the current DHCP lease. Similar to the ipconfig /renew function, except that the ipconfig function sends the request by unicast to the DHCP server's IP address, whereas the repair function uses a broadcast.

    2 Flushes the ARP cache, similar to the arp -d * command.

    3 Flushes the NetBIOS cache, similar to the nbtstat -R command.

    4 Flushes the DNS cache, similar to the ipconfig /flushdns command.

    5 Registers the client's NetBIOS name and IP address with a WINS server, similar to the nbtstat -RR command.

    6 Reregisters the client's computer name and IP address with DNS, similar to the ipconfig /registerdns command.

    Failure to obtain a DHCP address

    If the client has assigned itself an APIPA or alternate configuration address, the ipconfig /renew command or repair function can be used to correct the problem. If the problem still exists then this indicates a problem connecting to the DHCP server or DHCP agent. Verify the configuration of the DHCP server and agent.

    The netsh dhcp show server command will show the names and addresses of all DHCP servers in Active Directory.

    Verifying the TCP/IP installation and network hardware can be done with the ping localhost command; if this command returns a reply, these two components are working. Pinging other hosts will verify network cables, switches, etc.

    Address Obtained from Incorrect Scope

    DHCP request messages contain a field named Giaddr that informs the DHCP server of the originating subnet of the request. When the field is empty, the client is assigned an address from the local scope. When the Giaddr field contains an address, the DHCP server will assign an address that is on the same subnet.

    Verifying the Scope Configuration

    First, verify that the scope is activated and make sure that the address range for the scope has been properly configured. For scopes that assign addresses for the server's local subnet, ensure that the network ID of the scope is the same as the local subnet, especially if the subnet ID is not the usual /8, /16 or /24. As an alternative, you can accommodate more computers within your current available address space simply by decreasing the lease duration in the scope properties. When the lease duration is shortened, computers that are shut down, or removed from the network, do not keep their addresses for long and hence the address can be available for other hosts.

    Next, check the exclusions for any static IPs that might not be included. Move on to reservations and check that a reservation is not excluded; also check that the reserved address is within the scope and that the MAC address entry is correct. For networks that use multiple DHCP servers, check that each server does not use addresses on the other servers.
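    Added example, not part of the original tutorial: the checks from this section, together with the 80/20 rule from the installation section, written as a Python audit over a scope description. The dictionary layout, server names, reservation names and all addresses are constructed for illustration; server 2 deliberately carries an exclusion range that stops short, so the two servers' pools overlap.

```python
import ipaddress
import re


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def span(lo, hi):
    """All addresses from lo to hi inclusive, as integers."""
    return set(range(to_int(lo), to_int(hi) + 1))


def lease_pool(server):
    """Addresses the server can actually hand out: scope range minus exclusions."""
    pool = span(*server["range"])
    for lo, hi in server["exclusions"]:
        pool -= span(lo, hi)
    return pool


def audit_scope(server):
    """Apply the checks from the text to one server's scope; return findings."""
    findings = []
    in_range = span(*server["range"])
    network = ipaddress.IPv4Network(server["network"])
    if any(ipaddress.IPv4Address(a) not in network for a in server["range"]):
        findings.append("scope range is not inside the scope's network ID")
    pool = lease_pool(server)
    for host in server["static_hosts"]:
        if to_int(host) in pool:
            findings.append(f"static host {host} is not excluded")
    for name, (addr, mac) in server["reservations"].items():
        if to_int(addr) not in in_range:
            findings.append(f"{name}: {addr} is outside the scope range")
        elif to_int(addr) not in pool:
            findings.append(f"{name}: {addr} falls in an exclusion range")
        if not re.fullmatch(r"[0-9A-Fa-f]{12}", re.sub(r"[-:]", "", mac)):
            findings.append(f"{name}: MAC {mac} is not 12 hex digits")
    return findings


def shared_addresses(server_a, server_b):
    """Addresses both servers could lease (must be empty in an 80/20 split)."""
    both = lease_pool(server_a) & lease_pool(server_b)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(both)]


# Constructed sample: one /24 scope split 80/20 between two hypothetical servers.
RANGE = ("192.168.0.1", "192.168.0.254")
INFRA = ("192.168.0.1", "192.168.0.20")            # router and static servers
SERVER1 = {
    "network": "192.168.0.0/24", "range": RANGE,
    "exclusions": [INFRA, ("192.168.0.208", "192.168.0.254")],  # server 2's 20%
    "static_hosts": ["192.168.0.2", "192.168.0.30"],
    "reservations": {
        "printer-1": ("192.168.0.150", "00-1A-2B-3C-4D-5E"),
        "printer-2": ("192.168.0.10", "001A2B3C4D5F"),
        "plotter": ("192.168.0.160", "001A2B3C4D"),
    },
}
SERVER2 = {
    "network": "192.168.0.0/24", "range": RANGE,
    "exclusions": [INFRA, ("192.168.0.21", "192.168.0.200")],   # should end at .207
    "static_hosts": ["192.168.0.2"],
    "reservations": {},
}

if __name__ == "__main__":
    for line in audit_scope(SERVER1):
        print("server1:", line)
    print("leased by both servers:", shared_addresses(SERVER1, SERVER2))
```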

    Reconciling the DHCP Database

    If you detect that DHCP database info is missing or inconsistent, you can attempt to resolve the problem by reconciling DHCP data for all or any scopes.

    Scope IP lease info is stored in two forms by the DHCP server service:

    1 Detailed IP address lease info, stored in the DHCP database


    2 Summary IP address lease info, stored in the DHCP database

    When reconciling scopes, the detail and summary entries are compared to find inconsistencies.

    In this process, the DHCP server either returns the addresses in question to their original owners or creates a temporary reservation for these addresses. These reservations are valid for the lease time assigned to the scope. When the lease time expires, the addresses are recovered for future use.

    Subnetting

    What is Subnetting

    Subnetting refers to the practice of logically dividing a network address space by extending the string of 1 bits used in the subnet mask of a network.

    For example, when the default subnet mask of 255.255.0.0 is used for hosts within the Class B network of 131.107.0.0, the IP addresses 131.107.0.1 and 131.107.255.254 are found on the same subnet, and these hosts communicate with each other by means of a broadcast. However, if the subnet mask is extended to 255.255.255.0, the two IP addresses are then placed on different subnets. In order to communicate, a default gateway must be used.

    This process decreases the size of the broadcast domain, but reduces the number of hosts allowed per network subnet. Subnetting also increases security by restricting network traffic behind routers.

    Restricting Broadcast Traffic

    A broadcast is a network message sent from a single host and distributed to all other network devices on the same physical network segment. Broadcasts use network bandwidth, and every host that receives one must determine if it is destined for it and reply if necessary.

    Routers block broadcasts.

    Determining Host Capacity for Networks

    For any specific network address, you can determine the quantity of host addresses available within that network by raising 2 to the number of bits used for the Host ID, and then subtracting 2. The network address 192.168.0.0/24 uses 8 bits for the host, therefore the number of hosts available is 2^8 - 2 = 254.

    Excluding All 0s and All 1s Host IDs

    The value 2^x gives the total number of bit combinations for a binary number of x bits. 2^3 gives:

    000 = 0
    001 = 1
    010 = 2
    011 = 3
    100 = 4
    101 = 5
    110 = 6
    111 = 7

    Not all combinations can be used. The all 0s host ID is used for the local subnet. The all 1s host ID is used for the broadcast address. Hence, when calculating the number of available hosts on a network you must subtract these 2.


    Determining Subnet Capacity

    When the string of 1s in the subnet mask is extended beyond the default to create multiple subnets within an address space, the Host ID is shortened and a new address space for the subnet IDs is created.

    To determine the number of subnets available within an address space, simply calculate the value of 2^y, where y is the number of bits in the Subnet ID. For example, when the network address space 172.16.0.0/16 is subnetted to /24, 8 bits are left for the subnet ID. Therefore the number of available subnets is 2^8 = 256. You do not have to subtract 2 because modern routers, including MS RRAS, can accept subnets made up of all 1s or 0s.

    Hosts per Subnet

    The number of hosts available on a subnet is 2^x - 2. To calculate the number of hosts available to the entire subnetted network, simply multiply the number of hosts per subnet by the number of subnets.

    Subnet Examples

    The subnet mask does not need to be extended by a full octet. For the address space 10.0.0.0/12, the default subnet mask is 255.0.0.0 but it has been extended by 4 bits. Thus 4 bits have been borrowed from the Host ID and given to the Subnet ID.

    Network ID   Subnet ID   Host ID
    8 Bits       4 Bits      20 Bits
    00001010     0000        0000 00000000

    Number of subnets   Number of Hosts per Subnet   Total number of Hosts
    2^4 = 32            2^20 - 2 = 1048574           32 * 1048574 = 33554368

    The range of IP addresses available in the first subnet is 10.0.0.1 - 10.15.255.254

    Estimating Subnet Address Ranges

    You can estimate the IP range in each subnet by subtracting from 256 the value of the relevant octet in the subnet mask. For example, for a Class C network such as 207.209.68.0 with a subnet mask of 255.255.255.192, subtracting 192 from 256 results in a value of 64. Hence the network's subnet ranges are grouped in segments of 64 hosts. The first subnet range would then be 207.209.68.0 - 207.209.68.63.

    For the Class B network 131.107.0.0 with a subnet mask of 255.255.240.0, subtracting 240 from 256 gives 16. Hence the subnets are grouped into segments of 16. Therefore the subnet address ranges reveal groupings of 16 in the third octet. The fourth octet still ranges as normal from 0 - 255, giving the first IP range as: 131.107.0.0 - 131.107.15.255.

    Remember that hosts cannot be assigned an all 1s or all 0s address, so those addresses of each subnet cannot be assigned.

    Supernetting

    Summarizing Routes Through Supernetting

    To prevent depletion of higher-class network IDs, the Internet Authority devised a scheme called Supernetting, which allows many networks (routes) to be grouped together (or summarized) in a single larger network.


    For example, suppose an organization needs to accommodate 2000 hosts. This number is too large for a Class C network ID. A Class B network can be used but there will be 63,534 unused addresses. Supernetting allows the organization to be assigned a block of Class C addresses that can be treated as a single network somewhere between a Class C and Class B address.

    How Supernetting Works

    Supernetting borrows bits from the network ID and masks them as part of the Host ID. Suppose you had a block of Class C addresses ranging from 207.46.168.0 to 207.46.175.0. Assigning a subnet mask of /21 instead of the default /24 to your routers and hosts results in your entire network being seen as a single network segment: because the Network ID has been shortened, the network ID of each host is now seen as being identical.

    Below is a supernetted block of Class C addresses

    Class C Networks   Supernet ID (21 bits)         Host ID (11 bits)
    207.46.168.0       11001111 00101110 10101       000 00000000
    207.46.169.0       11001111 00101110 10101       001 00000000
    207.46.170.0       11001111 00101110 10101       010 00000000
    207.46.171.0       11001111 00101110 10101       011 00000000
    207.46.172.0       11001111 00101110 10101       100 00000000
    207.46.173.0       11001111 00101110 10101       101 00000000
    207.46.174.0       11001111 00101110 10101       110 00000000
    207.46.175.0       11001111 00101110 10101       111 00000000

    Subnet Mask
    255.255.248.0      11111111 11111111 11111       000 00000000
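    Added example, not part of the original tutorial: Python that finds the single prefix covering a block of networks and reports whether the block fills that prefix exactly. It goes one step beyond the table by also running a constructed block shifted by one network (207.46.169.0 to 207.46.176.0), which has the same size but cannot be summarized as one route without covering addresses outside the block.

```python
import ipaddress


def summarize(networks):
    """Find the smallest single prefix covering `networks` and report whether
    the block fills it exactly (safe to advertise as one route)."""
    nets = sorted(ipaddress.IPv4Network(n) for n in networks)
    low = int(nets[0].network_address)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address become host bits.
    host_bits = (low ^ high).bit_length()
    prefix = 32 - host_bits
    base = low >> host_bits << host_bits
    supernet = ipaddress.IPv4Network((base, prefix))
    # collapse_addresses merges only blocks that sit on a common boundary.
    routes = list(ipaddress.collapse_addresses(nets))
    owned = sum(r.num_addresses for r in routes)
    return {
        "supernet": str(supernet),
        "mask": str(supernet.netmask),
        "exact": routes == [supernet],
        "routes": [str(r) for r in routes],
        "foreign_addresses": supernet.num_addresses - owned,
    }


def split_bits(address, prefix):
    """Render an address as 'network ID bits | host ID bits', as in the table."""
    bits = format(int(ipaddress.IPv4Address(address)), "032b")
    return bits[:prefix] + " | " + bits[prefix:]


# The block from the text, and a constructed block shifted by one network.
ALIGNED = [f"207.46.{n}.0/24" for n in range(168, 176)]
SHIFTED = [f"207.46.{n}.0/24" for n in range(169, 177)]

if __name__ == "__main__":
    for label, block in (("aligned", ALIGNED), ("shifted", SHIFTED)):
        print(label, summarize(block))
    print(split_bits("207.46.175.0", 21))
```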

    Using Classless Interdomain Routing

    CIDR is an efficient method of accounting for supernets within route tables. Were it not for CIDR, route tables would need a separate entry to handle every original network in the supernet. CIDR allows the supernet to be handled as a single entry.

    CIDR is commonly used to refer to supernetting in general.

    CIDR is not compatible with Routing Information Protocol (RIP) version 1. CIDR requires that routers use RIPv2 or the Open Shortest Path First (OSPF) routing protocol.

    Address Space Perspective

    CIDR allows a block of Class C networks to be thought of as a single address space in which 21 bits are fixed for the network ID and 11 bits are variable for the Host ID.

    Using Variable Length Subnet Masks

    Traditionally, a single subnet mask is shared by every host and router in an organization. This means that a network can be broken down into separate subnets. However, with variable length subnet masks (VLSMs), routers within an organization can handle different subnet masks. Most commonly, VLSMs are used to allow subnets to be subnetted. For example, an organization with the address 131.107.0.0/16 means that routers external to the organization use the first 16 bits of the address to determine the network ID and route traffic appropriately. Once data has been received from the internet, the routers may use a subnet mask of /22 to route that data internally. Internal routers can again use a different subnet mask.


    VLSMs are not compatible with RIPv1.

    Using VLSMs to Accommodate Varying Subnet Sizes

    Varying subnet sizes throughout the network means that IP addresses can be used more efficiently.

    Class C Subnet Mask Options

    Network Address     Subnets   Hosts per Subnet
    208.147.66.0 / 24   1         254
    208.147.66.0 / 25   2         126
    208.147.66.0 / 26   4         62
    208.147.66.0 / 27   8         30

    When using VLSMs to divide your network into subnets of varying sizes, a specific pattern of subnet IDs with trailing 0s must be used, up to a maximum of seven subnets for a Class C network. These trailing 0s prevent the subnets from overlapping with each other.
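    Added example, not part of the original tutorial: a Python allocator that carves the 208.147.66.0/24 network from the table into variable-length subnets, largest first, and prints the subnet ID bit pattern that keeps them from overlapping. The segment names and host counts are hypothetical requirements chosen so that exactly seven subnets fill the Class C network.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses (2^x - 2)."""
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate(block, requirements):
    """Carve `block` into one subnet per requirement, largest first."""
    block = ipaddress.IPv4Network(block)
    cursor = int(block.network_address)
    last = int(block.broadcast_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda item: -item[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size      # round up to the subnet's own boundary
        if prefix < block.prefixlen or cursor + size - 1 > last:
            raise ValueError(f"no room left in {block} for {name} ({hosts} hosts)")
        plan[name] = ipaddress.IPv4Network((cursor, prefix))
        cursor += size
    return plan


def subnet_id_bits(block, subnet):
    """Bits between the block's prefix and the subnet's prefix (the subnet ID)."""
    block = ipaddress.IPv4Network(block)
    bits = format(int(subnet.network_address), "032b")
    return bits[block.prefixlen:subnet.prefixlen]


# Hypothetical host counts per segment (constructed for this example).
BLOCK = "208.147.66.0/24"
NEEDS = {"floor-1": 100, "floor-2": 50, "lab": 25, "servers": 10,
         "printers": 5, "wan-a": 2, "wan-b": 2}

if __name__ == "__main__":
    for name, net in allocate(BLOCK, NEEDS).items():
        print(f"{name:9} {str(net):19} subnet ID {subnet_id_bits(BLOCK, net)}")
```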